commit | fc712e6a73bf5b37d745c41739735d2d8fa61dce |
---|---|
author | Rune Lillesveen <futhark@chromium.org> | Fri Jan 28 09:14:42 2022 |
committer | Copybara-Service <copybara-worker@google.com> | Fri Jan 28 09:30:02 2022 |
tree | 6ef3e0a2361962dcaac28b21139d7ef4b006ee17 |
parent | 5b32cf712925b6dc144a193682b26823e96d8ea5 |
Revert "One process per policy in chrome://sandbox"

This reverts commit 23a41c068e35f33df1c3579a3b0b469d4458e6c1.

Reason for revert: Dependent on likely culprit CL for failing test on
Windows IntegrationTestsTest.MultipleStuckChildrenSequential
https://ci.chromium.org/p/chromium/builders/ci/win-asan/21045

Original change's description:
> One process per policy in chrome://sandbox
>
> Policies now only apply to a single process so processIds can be
> processId. (There was only ever one pid in the list, now there can
> be only one.)
>
> No change to the main output on chrome://sandbox.
>
> Bug: 1270309
> Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#964450}

Bug: 1270309
Change-Id: I6688aba8cbaaccc7b3a7b89db4c70a1fd5f77796
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3423825
Reviewed-by: Morten Stenshorne <mstensho@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Owners-Override: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#964489}
NOKEYCHECK=True
GitOrigin-RevId: b87336f144d5031ab16219779991d3e81493c8ea
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

- mac/ uses the Seatbelt sandbox. See the detailed design for more.
- linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
- win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.